Dr. David von Oheimb [Tue, 7 Dec 2021 17:02:19 +0000 (18:02 +0100)]
APPS/cmp: Simplify read_write_req_resp() - 'req' arg must not be NULL anyway
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17251)
Dr. David von Oheimb [Thu, 9 Dec 2021 19:52:59 +0000 (20:52 +0100)]
ossl_cmp_msg_check_update(): align recipNone check with improved transactionID check
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17251)
Dr. David von Oheimb [Thu, 9 Dec 2021 19:28:08 +0000 (20:28 +0100)]
CMP test_commands.csv: improve test for -reqin, adding -reqin_new_tid
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17252)
Dr. David von Oheimb [Thu, 9 Dec 2021 19:25:19 +0000 (20:25 +0100)]
CMP test_verification.csv: add missing test case for -untrusted with non-matching cert
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17252)
Dr. David von Oheimb [Thu, 9 Dec 2021 11:40:08 +0000 (12:40 +0100)]
CMP test_enrollment.csv: clean up test cases regarding (non-existing) directories
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17252)
Richard Levitte [Fri, 10 Dec 2021 12:18:42 +0000 (13:18 +0100)]
test/evp_extra_test.c: Add EVP_PKEY comparisons in test_EC_priv_pub()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
Richard Levitte [Fri, 10 Dec 2021 12:15:10 +0000 (13:15 +0100)]
test/evp_extra_test.c: Refactor test_fromdata()
test_fromdata() turns out to be a bit inflexible, so we split it into
two functions, make_key_fromdata() and test_selection(), and adjust
test_EVP_PKEY_ffc_priv_pub() and test_EC_priv_pub() accordingly. This
allows us to check the resulting keys further, not only to check that
the bits we expect are there, but also that the bits that we expect
not to be there to actually not be there!
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
Richard Levitte [Wed, 29 Sep 2021 11:45:55 +0000 (13:45 +0200)]
Enhance the explanation of selector bits in provider-keymgmt(7)
This uncovers what has been a mere comment in an attempt to clarify
that the use of selector bits is very much at the discretion of the
provider implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
Richard Levitte [Wed, 29 Sep 2021 09:05:41 +0000 (11:05 +0200)]
Adapt our OSSL_FUNC_keymgmt_match() implementations to the EVP_PKEY_eq() fix
The match function (called OSSL_FUNC_keymgmt_match() in our documentation)
in our KEYMGMT implementations were interpretting the selector bits a
bit too strictly, so they get a bit relaxed to make it reasonable to
match diverse key contents.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
Richard Levitte [Wed, 29 Sep 2021 08:58:21 +0000 (10:58 +0200)]
Fix EVP_PKEY_eq() to be possible to use with strictly private keys
EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key
component if it has a private key component. However, this assumption
no longer strictly holds true, at least for provider backed keys.
EVP_PKEY_eq() therefore needs to be modified to specify that the
private key should be checked too (at the discretion of what's
reasonable for the implementation doing the actual comparison).
Fixes #16267
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
Pauli [Wed, 24 Nov 2021 01:38:51 +0000 (11:38 +1000)]
Fix Coverity
1494385 logically dead code.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17123)
Richard Levitte [Thu, 25 Nov 2021 07:58:21 +0000 (08:58 +0100)]
Fix faulty detail in BN_rand() manual
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
Richard Levitte [Mon, 6 Dec 2021 20:06:06 +0000 (21:06 +0100)]
Teach OpenSSL::ParseC about OPENSSL_EXPORT and OPENSSL_EXTERN
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17215)
Richard Levitte [Mon, 6 Dec 2021 19:54:17 +0000 (20:54 +0100)]
Make OSSL_provider_init() OPENSSL_EXPORT, not just extern
On non-Windows systems, there's no difference at all. On Windows systems,
__declspec(dllexport) is added, which ensures it gets exported no matter
what.
Fixes #17203
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17215)
Tianjia Zhang [Wed, 8 Dec 2021 07:53:49 +0000 (15:53 +0800)]
apps/s_server: Correct s_server to return the correct file path
When s_server responds to a file data with the -WWW parameter, it
always gets a path named "GET". In this case, we need to skip the
"GET /" character to get the correct file path.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17231)
Tomas Mraz [Wed, 8 Dec 2021 11:54:52 +0000 (12:54 +0100)]
Windows CI: explicitly use windows-2019 instead of using windows-latest
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17234)
x2018 [Wed, 1 Dec 2021 08:15:44 +0000 (16:15 +0800)]
remove redundant ERR_raise
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17175)
x2018 [Wed, 1 Dec 2021 06:29:58 +0000 (14:29 +0800)]
check the return value of BIO_new() in t_x509.c:471 & cmp_vfy.c:36
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17175)
Sam Eaton [Fri, 3 Dec 2021 22:47:26 +0000 (14:47 -0800)]
changes opensssl typos to openssl
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17191)
Pauli [Wed, 8 Dec 2021 01:16:42 +0000 (12:16 +1100)]
fix Coverity
1494649: dead code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17230)
Dr. David von Oheimb [Tue, 7 Dec 2021 06:32:12 +0000 (07:32 +0100)]
APPS/cmp: Fix use of OPENSSL_NO_SOCK: options like -server do not make sense with no-sock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17226)
Bernd Edlinger [Wed, 8 Dec 2021 13:14:48 +0000 (14:14 +0100)]
Minor code cleanup in o_names_init
This might result in a small memory leak.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17238)
Dr. David von Oheimb [Mon, 29 Nov 2021 09:07:08 +0000 (10:07 +0100)]
OSSL_HTTP_get(): Fix timeout handling on redirection
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17190)
Dr. David von Oheimb [Tue, 7 Dec 2021 12:11:27 +0000 (13:11 +0100)]
CMP check_msg_find_cert(): improve diagnostics on transactionID mismatch
On this occasion, make use of i2s_ASN1_OCTET_STRING() wherever possible
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17224)
Dr. David von Oheimb [Tue, 7 Dec 2021 11:41:13 +0000 (12:41 +0100)]
80-test_cmp_http_data/test_commands.csv: fix minor glitch in column alignment
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17224)
Dr. David von Oheimb [Tue, 7 Dec 2021 10:35:42 +0000 (11:35 +0100)]
APPS/cmp: fix -rspin option such that it works again without -reqin
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17222)
Dr. David von Oheimb [Tue, 7 Dec 2021 16:49:05 +0000 (17:49 +0100)]
OSSL_CMP_MSG_read(): Fix mem leak on file read error
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17225)
pkubaj [Sat, 20 Nov 2021 20:40:06 +0000 (20:40 +0000)]
Add support for BSD-ppc, BSD-ppc64 and BSD-ppc64le configurations
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17090)
Gerd Hoffmann [Tue, 7 Dec 2021 09:22:38 +0000 (10:22 +0100)]
rename MIN() macro
MIN is a rather generic name and results in a name clash when trying to
port tianocore over to openssl 3.0. Use the usual ossl prefix and
rename the macro to ossl_min() to solve this.
CLA: trivial
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17219)
Peiwei Hu [Mon, 6 Dec 2021 09:33:42 +0000 (17:33 +0800)]
bio_enc.c: add memory allocation check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17206)
Alex Pawelko [Sat, 4 Dec 2021 05:41:10 +0000 (00:41 -0500)]
Fix Markdown links in SUPPORT.md
Add link to CONTRIBUTING and fix (presumably broken?) link to Github issues
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17192)
Dr. David von Oheimb [Fri, 27 Aug 2021 13:33:18 +0000 (15:33 +0200)]
APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)
Matt Caswell [Mon, 6 Dec 2021 11:37:26 +0000 (11:37 +0000)]
Fix documentation for tlsext_ticket_key
The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
Dr. David von Oheimb [Wed, 10 Nov 2021 08:39:55 +0000 (09:39 +0100)]
X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN
Also slightly improve the style of the respective code in crypto/x509/v3_san.c.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
Dr. David von Oheimb [Wed, 10 Nov 2021 08:31:11 +0000 (09:31 +0100)]
X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey
This does not change the semantics of expected usage because only either one may be given.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
Matt Caswell [Mon, 6 Dec 2021 11:13:02 +0000 (11:13 +0000)]
Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions
We should not be freeing the caller's key in the event of error.
Fixes #17196
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17209)
Dr. David von Oheimb [Fri, 3 Dec 2021 10:34:23 +0000 (11:34 +0100)]
OSSL_HTTP_open(): clarify doc of 'server' arg and its use of BIO_new_connect()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
Dr. David von Oheimb [Wed, 1 Dec 2021 07:01:31 +0000 (08:01 +0100)]
OSSL_HTTP_open(): Complete documentation of checks for server and proxy args
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
Dr. David von Oheimb [Tue, 30 Nov 2021 19:06:09 +0000 (20:06 +0100)]
OSSL_HTTP_set1_request(): Fix check for presence of port option and its documentation
For HTTP (not HTTPS) with proxy, server must be given, port is optional
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17186)
Dr. David von Oheimb [Fri, 3 Dec 2021 12:40:20 +0000 (13:40 +0100)]
OBJ_obj2txt(): fix off-by-one documentation of the result
Also remove the outdated BUGS section and fix the coding style of the function.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17188)
Matt Caswell [Tue, 23 Nov 2021 15:22:27 +0000 (15:22 +0000)]
Don't run the symbol presence test on windows
Fixes #17109
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17119)
Tomas Mraz [Thu, 2 Dec 2021 21:08:25 +0000 (22:08 +0100)]
test_rsa: Test for PVK format conversion
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Tomas Mraz [Thu, 2 Dec 2021 21:07:38 +0000 (22:07 +0100)]
key_to_type_specific_pem_bio_cb: Use passphrase callback from the arguments
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Tomas Mraz [Thu, 2 Dec 2021 21:06:36 +0000 (22:06 +0100)]
PVK decoder: prompt for PVK passphrase and not PEM
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Tomas Mraz [Thu, 2 Dec 2021 21:04:21 +0000 (22:04 +0100)]
Fix pvk encoder to properly query for the passphrase
The passphrase callback data was not properly initialized.
Fixes #17054
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17181)
Matt Caswell [Thu, 2 Dec 2021 11:33:49 +0000 (11:33 +0000)]
Clarify the deprecation warnings in the docs
There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.
https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html
We clarify the wording to make it clear that the warning applies to the
following functions.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)
Tomas Mraz [Fri, 3 Dec 2021 10:59:07 +0000 (11:59 +0100)]
CI: Replace windows-2016 with windows-2022
Windows 2016 environment is going to be discontinued.
Fixes #17177
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17183)
Dr. David von Oheimb [Tue, 30 Nov 2021 15:44:59 +0000 (16:44 +0100)]
OSSL_HTTP_REQ_CTX_nbio(): Fix parsing of responses with status code != 200
This way keep-alive is not (needlessly) cancelled on error.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)
Dr. David von Oheimb [Tue, 30 Nov 2021 15:20:26 +0000 (16:20 +0100)]
parse_http_line1(): Fix diagnostic output on error and return code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17171)
Dr. David von Oheimb [Mon, 29 Nov 2021 07:36:14 +0000 (08:36 +0100)]
OSSL_HTTP_transfer.pod: Some clarifications on the BIO connect/disconnect callback function
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)
Dr. David von Oheimb [Mon, 22 Nov 2021 10:29:25 +0000 (11:29 +0100)]
OSSL_HTTP_transfer.pod: Fix omission documenting the 'ok' parameter of OSSL_HTTP_close()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17160)
x2018 [Wed, 1 Dec 2021 07:22:30 +0000 (15:22 +0800)]
s_cb.c: check the return value of X509_get0_pubkey()
Check is done to prevent wrong memory access by EVP_PKEY_get0_asn1()
Also fix wrong coding style in the s_cb.c file.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17176)
x2018 [Tue, 30 Nov 2021 12:33:32 +0000 (20:33 +0800)]
check the return value of BN_dup() in rsa_lib.c:1248
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17168)
Dmitry Belyavskiy [Mon, 22 Nov 2021 09:14:27 +0000 (10:14 +0100)]
Refactor: a separate func for provider activation from config
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17099)
Tomas Mraz [Tue, 30 Nov 2021 10:39:52 +0000 (11:39 +0100)]
pvkkdf: Always reset buflen after clearing the buffer
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17164)
Tomas Mraz [Tue, 30 Nov 2021 10:52:10 +0000 (11:52 +0100)]
various kdfs: Always reset buflen after clearing the buffer
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17165)
Dmitry Belyavskiy [Tue, 23 Nov 2021 14:18:52 +0000 (15:18 +0100)]
More detailed explanation how do engines work in 3.0
Related: #16868, #17081, #17107
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17115)
Dmitry Belyavskiy [Sun, 28 Nov 2021 09:21:21 +0000 (10:21 +0100)]
No EtM for GOST ciphers in TLS 1.2
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17150)
PW Hu [Tue, 9 Nov 2021 16:25:47 +0000 (00:25 +0800)]
Return -1 properly from do_X509_REQ_verify and do_X509_verify
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17001)
olszomal [Wed, 27 Oct 2021 10:36:08 +0000 (12:36 +0200)]
Don't include any TLSv1.3 ciphersuites that are disabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16925)
Pauli [Thu, 25 Nov 2021 23:47:40 +0000 (09:47 +1000)]
doc: remove non-existent callbacks
These used to exist but were removed before release.
Updating the documentation was missed.
Fixes #17138
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17141)
Tom Cosgrove [Thu, 25 Nov 2021 15:49:26 +0000 (15:49 +0000)]
Fix EVP_PKEY_CTX_get_rsa_pss_saltlen() not returning a value
When an integer value was specified, it was not being passed back via
the orig_p2 weirdness.
Regression test included.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17136)
Richard Levitte [Thu, 25 Nov 2021 08:55:09 +0000 (09:55 +0100)]
TEST: Enable and fix test_bn2padded() in test/bntest.c
This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.
A few simple changes to update it to the current API is all that was
needed to enable it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)
Dr. David von Oheimb [Fri, 19 Nov 2021 19:38:27 +0000 (20:38 +0100)]
BIO_push.pod: fix confusing text and add details on corner cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17086)
Bernd Edlinger [Wed, 24 Oct 2018 21:10:38 +0000 (23:10 +0200)]
Enable brainpool curves for TLS1.3
See the recently assigned brainpool code points at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7485)
Allan Jude [Fri, 19 Nov 2021 18:58:51 +0000 (18:58 +0000)]
Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17084)
Matt Caswell [Wed, 24 Nov 2021 10:11:45 +0000 (10:11 +0000)]
Don't delete the doc/html directories when cleaning
The doc/html sub-dirs get created by Configure. Therefore they should
not be cleaned away by "nmake clean". Otherwise the following sequence
fails:
perl Configure VC-WIN64A
nmake clean
nmake
nmake install
Fixes #17114
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17128)
x2018 [Wed, 24 Nov 2021 03:26:09 +0000 (11:26 +0800)]
check the return value of OPENSSL_strdup(CRYPTO_strdup) in apps/lib/app_rand.c:32
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17124)
Pauli [Wed, 24 Nov 2021 03:32:47 +0000 (13:32 +1000)]
doc: fix macro name
OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT.
Fixes #17121
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17125)
x2018 [Tue, 23 Nov 2021 13:33:17 +0000 (21:33 +0800)]
check the return value of OPENSSL_strdup(CRYPTO_strdup) to prevent potential memory access error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17113)
x2018 [Tue, 23 Nov 2021 11:25:43 +0000 (19:25 +0800)]
check the return value of OPENSSL_strdup to prevent potential memory access error
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17110)
Richard Levitte [Mon, 22 Nov 2021 16:10:10 +0000 (17:10 +0100)]
Allow sign extension in OSSL_PARAM_allocate_from_text()
This is done for the data type OSSL_PARAM_INTEGER by checking if the
most significant bit is set, and adding 8 to the number of buffer bits
if that is the case. Everything else is already in place.
Fixes #17103
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
Richard Levitte [Mon, 22 Nov 2021 16:08:19 +0000 (17:08 +0100)]
Have OSSL_PARAM_allocate_from_text() raise error on unexpected neg number
When the parameter definition has the data type OSSL_PARAM_UNSIGNED_INTEGER,
negative input values should not be accepted.
Fixes #17103
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
Richard Levitte [Mon, 22 Nov 2021 15:38:43 +0000 (16:38 +0100)]
Test the performance of OSSL_PARAM_allocate_from_text with arbitrary size ints
With arbitrary size ints, we get to know exactly how large the minimum
buffer must be.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17104)
Tomas Mraz [Tue, 23 Nov 2021 15:01:28 +0000 (16:01 +0100)]
Add test for copying uninitialized EVP_MD_CTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17118)
Tomas Mraz [Tue, 23 Nov 2021 14:52:04 +0000 (15:52 +0100)]
EVP_MD_CTX_copy_ex: Allow copying uninitialized digest contexts
Fixes #17117
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17118)
Matt Caswell [Tue, 23 Nov 2021 12:24:39 +0000 (12:24 +0000)]
Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs
The restriction about setting a tag length prior to setting the IV only
applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG
can be called.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17111)
Rami Khaldi [Tue, 23 Nov 2021 23:23:25 +0000 (00:23 +0100)]
x509: Return a nonzero exit code on error when checking ip/email/host
In the x509 app when doing the ip/email/host validation of a
certificate we return nonzero exit code if the validation fails.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17022)
Allan Jude [Fri, 19 Nov 2021 15:14:30 +0000 (15:14 +0000)]
Fix detection of ARMv7 and ARM64 CPU features on FreeBSD
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT
resulting in all ARM acceleration features being disabled.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17082)
Patrick Uiterwijk [Thu, 18 Nov 2021 09:47:14 +0000 (10:47 +0100)]
Support different R_BITS lengths for KBKDF
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17063)
Richard Levitte [Sun, 21 Nov 2021 09:37:18 +0000 (10:37 +0100)]
DOC: Add a few previously documented functions
d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp()
were documented in OpenSSL 1.0.2. In a grand unification of the
documentation of (almost) all d2i and i2d functions, these were
dropped, most likely by mistake.
This simply adds them back.
Fixes #17091
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17094)
(cherry picked from commit
1aa96159b0711369de9bf45b20327414cdb6b991)
Tomas Mraz [Fri, 19 Nov 2021 15:54:39 +0000 (16:54 +0100)]
Add test for EVP_PKEY_sign_init_ex with RSA PSS padding
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)
Tomas Mraz [Fri, 19 Nov 2021 14:16:53 +0000 (15:16 +0100)]
rsa_signverify_init: Set the PARAMS after key is set
Also, default to unrestricted pss parameters until the key is set.
Fixes #17075
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17080)
Richard Levitte [Sun, 21 Nov 2021 08:48:05 +0000 (09:48 +0100)]
DOC: OSSL_PARAM_{set,get,construct}_BN() currently only supports nonnegative numbers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17074)
Richard Levitte [Fri, 19 Nov 2021 12:18:34 +0000 (13:18 +0100)]
Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers
Adding documentation to that fact as well.
Fixes #17070
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17074)
Bernd Edlinger [Fri, 19 Nov 2021 15:38:55 +0000 (16:38 +0100)]
Add a test case for duplicate engine loading
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
Bernd Edlinger [Fri, 19 Nov 2021 10:33:34 +0000 (11:33 +0100)]
Avoid loading of a dynamic engine twice
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.
Fixes #17023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
Dr. David von Oheimb [Tue, 13 Jul 2021 08:20:38 +0000 (10:20 +0200)]
Fix HTTP server port output and allow dynamic verbosity setting
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16061)
Peiwei Hu [Sun, 14 Nov 2021 16:27:31 +0000 (00:27 +0800)]
SSL_export_keying_material: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 15:46:47 +0000 (23:46 +0800)]
BIO_set_indent: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 15:45:39 +0000 (23:45 +0800)]
BIO_set_prefix: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 15:16:57 +0000 (23:16 +0800)]
EVP_RAND_generate: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 15:00:00 +0000 (23:00 +0800)]
asn1_item_embed_d2i: fix th return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 14:56:24 +0000 (22:56 +0800)]
TXT_DB_write: fix the return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 09:57:57 +0000 (17:57 +0800)]
Fix EVP_PKEY_decrypt return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 09:15:11 +0000 (17:15 +0800)]
ossl_do_blob_header: fix return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Peiwei Hu [Sun, 14 Nov 2021 08:55:45 +0000 (16:55 +0800)]
BIO_gets: fix the incomplete return check
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)
Dr. David von Oheimb [Fri, 19 Nov 2021 10:12:09 +0000 (11:12 +0100)]
02-test_errstr.t: print errorcodes in hex (rather than decimal) format
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)
Dr. David von Oheimb [Wed, 17 Nov 2021 18:05:21 +0000 (19:05 +0100)]
Make ERR_str_reasons in err.c consistent again with err.h
Fixes printing generic reason strings, e.g., 'reason(524550)' vs. 'passed an invalid argument'
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17056)
Dr. David von Oheimb [Fri, 19 Nov 2021 10:58:40 +0000 (11:58 +0100)]
ERR: exempt flags from fallback decimal reason code printing
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17072)